Lucene search
K

167 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 3:19 a.m.5 views

CVE-2023-23621

Discourse is an open-source discussion platform. Prior to version 3.0.1 on the stable branch and version 3.1.0.beta2 on the beta and tests-passed branches, a malicious user can cause a regular expression denial of service using a carefully crafted user agent. This issue is patched in version 3.0....

8.6CVSS7.2AI score0.00868EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:39 a.m.2 views

CVE-2023-23616

Discourse is an open-source discussion platform. Prior to version 3.0.1 on the stable branch and 3.1.0.beta2 on the beta and tests-passed branches, when submitting a membership request, there is no character limit for the reason provided with the request. This could potentially allow a user to...

4.3CVSS4.7AI score0.00678EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 1:44 a.m.4 views

CVE-2023-43814

Discourse is an open source platform for community discussion. Attackers with details specific to a poll in a topic can use the /polls/groupedpollresults endpoint to view the content of options in the poll and the number of votes for groups of poll participants. This impacts private polls where t...

3.7CVSS6.6AI score0.00314EPSS
Exploits0References1
Snyk
Snyk
added 2025/02/11 6:31 p.m.4 views

Improper Authorization

Overview magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Improper Authorization. An attacker can bypass security measures and gain unauthorized access by exploiting this vulnerability. Remediation Upgrade magento/community-editio...

9.3CVSS7AI score0.15857EPSS
Exploits0References2
Snyk
Snyk
added 2025/02/11 6:31 p.m.2 views

Access Control Bypass

Overview magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Access Control Bypass that could allow a privileged attacker to escalate privileges. Remediation Upgrade magento/community-edition to version 2.4.4-p12, 2.4.5-p11, 2.4.6-p9...

5.4CVSS6.9AI score0.00415EPSS
Exploits0References2
Snyk
Snyk
added 2025/02/11 6:31 p.m.2 views

Time-of-check Time-of-use (TOCTOU) Race Condition

Overview magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Time-of-check Time-of-use TOCTOU Race Condition enabling the bypass of a security feature. Remediation Upgrade magento/community-edition to version 2.4.4-p12, 2.4.5-p11,...

6.3CVSS6.9AI score0.00369EPSS
Exploits0References2
Snyk
Snyk
added 2025/02/11 6:31 p.m.4 views

Incorrect Authorization

Overview magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Incorrect Authorization enabling the bypass of a security feature. Remediation Upgrade magento/community-edition to version 2.4.4-p12, 2.4.5-p11, 2.4.6-p9, 2.4.7-p4,...

5.1CVSS6.9AI score0.00505EPSS
Exploits0References2
Snyk
Snyk
added 2025/02/11 6:31 p.m.1 views

Improper Authorization

Overview magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Improper Authorization enabling bypass of a security feature. Remediation Upgrade magento/community-edition to version 2.4.4-p12, 2.4.5-p11, 2.4.6-p9, 2.4.7-p4, 2.4.8-beta2...

8.2CVSS6.9AI score0.00627EPSS
Exploits0References2
Patchstack
Patchstack
added 2024/10/02 12:0 a.m.3 views

Drupal Diff module < 1.8.0,2.0.0-2.0.0-beta2 - Authenticated Multiple Vulnerabilities

Authenticated Multiple Vulnerabilities discovered by Matthias Vogel in WordPress Module Diff versions 1.8.0,2.0.0-2.0.0-beta2...

7AI score
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2024/09/17 12:0 a.m.3 views

Mautic 安全漏洞

Mautic is an open source marketing automation software from Mautic Open Source. The software monitors and manages websites, sends emails and manages customer resources. A security vulnerability exists in Mautic 1.0.0-beta2 and earlier versions, which stems from a cross-site scripting issue in the...

9CVSS8.4AI score0.00585EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2024/06/05 10:1 a.m.5 views

SUSE CVE-2024-32464

Action Text brings rich text content and editing to Rails. Instances of ActionText::Attachable::ContentAttachment included within a richtextarea tag could potentially contain unsanitized HTML. This vulnerability is fixed in 7.1.3.4 and 7.2.0.beta2...

6.1CVSS6.8AI score0.00434EPSS
Exploits0References3
Patchstack
Patchstack
added 2024/06/05 12:0 a.m.3 views

Drupal Acquia DAM module < 1.0.13,1.1.0-1.1.0-beta2 - Unauthenticated Multiple Vulnerabilities

Unauthenticated Multiple Vulnerabilities discovered by Matt Glaman in WordPress Module Acquia DAM versions 1.0.13,1.1.0-1.1.0-beta2...

7AI score
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/06/05 12:0 a.m.9 views

PT-2024-10363 · Acquia · Acquia Dam

Name of the Vulnerable Software and Affected Versions: Acquia DAM versions 0.0.0 through 1.0.12 Acquia DAM versions 1.1.0 through 1.1.0-beta2 Description: The issue is related to a Cross-Site Request Forgery CSRF vulnerability in the Acquia DAM module of the Drupal CMS system. This vulnerability...

5.5CVSS7.6AI score0.0014EPSS
Exploits0References5
NVD
NVD
added 2024/06/04 8:15 p.m.47 views

CVE-2024-32464

Action Text brings rich text content and editing to Rails. Instances of ActionText::Attachable::ContentAttachment included within a richtextarea tag could potentially contain unsanitized HTML. This vulnerability is fixed in 7.1.3.4 and 7.2.0.beta2...

6.1CVSS6AI score0.00434EPSS
Exploits0References2
OSV
OSV
added 2024/06/04 8:15 p.m.3 views

UBUNTU-CVE-2024-32464

Action Text brings rich text content and editing to Rails. Instances of ActionText::Attachable::ContentAttachment included within a richtextarea tag could potentially contain unsanitized HTML. This vulnerability is fixed in 7.1.3.4 and 7.2.0.beta2...

6.1CVSS6AI score0.00434EPSS
Exploits0References4
OSV
OSV
added 2024/06/04 7:53 p.m.27 views

CVE-2024-32464 ActionText ContentAttachment can Contain Unsanitized HTML

Action Text brings rich text content and editing to Rails. Instances of ActionText::Attachable::ContentAttachment included within a richtextarea tag could potentially contain unsanitized HTML. This vulnerability is fixed in 7.1.3.4 and 7.2.0.beta2...

6.1CVSS6AI score0.00434EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/06/04 12:0 a.m.3 views

PT-2024-24592 · Unknown · Actiontext

Name of the Vulnerable Software and Affected Versions: ActionText versions 7.1.0 through 7.1.3.3 ActionText version 7.2.0.beta1 Description: The issue arises from instances of ActionText::Attachable::ContentAttachment included within a rich text area tag, which could potentially contain unsanitiz...

6.1CVSS6.3AI score0.00434EPSS
Exploits0References15
OSV
OSV
added 2024/03/06 11:0 a.m.11 views

BIT-DISCOURSE-2023-23620 Discourse restricted tag routes leak topic information

Discourse is an open-source discussion platform. Prior to version 3.0.1 on the stable branch and 3.1.0.beta2 on the beta and tests-passed branches, the contents of latest/top routes for restricted tags can be accessed by unauthorized users. This issue is patched in version 3.0.1 on the stable...

5.3CVSS5.4AI score0.00669EPSS
Exploits0References4
OSV
OSV
added 2024/03/06 11:0 a.m.18 views

BIT-DISCOURSE-2023-23622 Discourse: Presence of read restricted topics may be leaked if tagged with a tag that is visible to all users

Discourse is an open-source discussion platform. Prior to version 3.0.1 of the stable branch and version 3.1.0.beta2 of the beta and tests-passed branches, the count of topics displayed for a tag is a count of all regular topics regardless of whether the topic is in a read restricted category or...

4.3CVSS4.5AI score0.00534EPSS
Exploits0References6
OSV
OSV
added 2024/03/06 10:59 a.m.18 views

BIT-DISCOURSE-2023-23624 Discourse's exclude_tags param could leak which topics had a specific hidden tag

Discourse is an open-source discussion platform. Prior to version 3.0.1 on the stable branch and version 3.1.0.beta2 on the beta and tests-passed branches, someone can use the excludetag param to filter out topics and deduce which ones were using a specific hidden tag. This affects any Discourse...

5.3CVSS5AI score0.0059EPSS
Exploits0References4
Rows per page
Query Builder